<?xml version="1.0" encoding="UTF-8" ?><OAI-PMH xmlns="http://www.openarchives.org/OAI/2.0/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.openarchives.org/OAI/2.0/ http://www.openarchives.org/OAI/2.0/OAI-PMH.xsd"><responseDate>2026-07-05T17:38:04Z</responseDate><request identifier="10.35097/prcfrppz0c1f1e28" metadataPrefix="datacite" verb="GetRecord">https://www.radar-service.eu/oai/OAIHandler</request><GetRecord><record><header><identifier>10.35097/prcfrppz0c1f1e28</identifier><datestamp>2026-07-01T09:24:49Z</datestamp><setSpec>radar4kit</setSpec></header><metadata><resource xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://datacite.org/schema/kernel-4" xsi:schemaLocation="http://datacite.org/schema/kernel-4 https://schema.datacite.org/meta/kernel-4.6/metadata.xsd">
  <identifier identifierType="DOI">10.35097/prcfrppz0c1f1e28</identifier>
  <creators>
    <creator>
      <creatorName>Fruböse, Clemens</creatorName>
      <givenName>Clemens</givenName>
      <familyName>Fruböse</familyName>
      <nameIdentifier nameIdentifierScheme="ORCID" schemeURI="http://orcid.org/">0009-0003-0438-6545</nameIdentifier>
      <affiliation>Karlsruhe Institute of Technology</affiliation>
    </creator>
  </creators>
  <titles>
    <title>IEC 61850 traffic at ANSI 87T differential protection attacks</title>
  </titles>
  <publisher>Fruböse, Clemens </publisher>
  <dates>
    <date dateType="Created">2025-2026</date>
  </dates>
  <publicationYear>2026</publicationYear>
  <subjects>
    <subject>Information Technology</subject>
    <subject>IEC 61850</subject>
    <subject>IEC/IEEE 61850-9-3</subject>
    <subject>IEC 61850-9-2</subject>
    <subject>Precision Time Protocol (PTP)</subject>
    <subject>Sampled Values (SV)</subject>
    <subject>GNSS spoofing</subject>
    <subject>Digital substation cybersecurity</subject>
    <subject>Time Synchronization</subject>
    <subject>IEC 61869-9</subject>
  </subjects>
  <resourceType resourceTypeGeneral="Dataset">network capture of IEC 61850 Sampled Values, Precision Time Protocol and GOOSE messages</resourceType>
  <rightsList>
    <rights rightsURI="info:eu-repo/semantics/openAccess">Open Access</rights>
    <rights schemeURI="https://spdx.org/licenses/" rightsIdentifierScheme="SPDX" rightsIdentifier="CC-BY-NC-4.0" rightsURI="https://creativecommons.org/licenses/by-nc/4.0/legalcode">Creative Commons Attribution Non Commercial 4.0 International</rights>
  </rightsList>
  <contributors>
    <contributor contributorType="RightsHolder">
      <contributorName>Karlsruhe Institute of Technology</contributorName>
      <nameIdentifier nameIdentifierScheme="ROR" schemeURI="https://ror.org/">https://ror.org/04t3en479</nameIdentifier>
    </contributor>
    <contributor contributorType="ProjectLeader">
      <contributorName>Fruböse, Clemens</contributorName>
      <nameIdentifier nameIdentifierScheme="ORCID" schemeURI="http://orcid.org/">0009-0003-0438-6545</nameIdentifier>
      <affiliation>Karlsruhe Institute of Technology</affiliation>
    </contributor>
    <contributor contributorType="ProjectMember">
      <contributorName>Seiquera, John</contributorName>
      <affiliation>Karlsruhe Institute of Technology</affiliation>
    </contributor>
  </contributors>
  <descriptions>
    <description descriptionType="Abstract">During GNSS attacks on a time server in an electrical substation, the time service is affected and, accordingly, time-critical protection functions can misoperate. In our threat model, these trips are maliciously triggered via time synchronization attacks (using the so-called two-clock GNSS attack). These data show how IEC 61850 Sampled Values, IEEE 1588 Precision Time Protocol, and GOOSE traffic behave under these attacks, with GOOSE messages proving the misoperation of the differential protection IED.
This is the complementary dataset for the paper: "Malicious GNSS Spoofing Causing False Trips in IEC 61850 Multivendor Substations" by Fruböse et al. (2026).</description>
    <description descriptionType="Other">This work was funded by the Topic Engineering Secure Systems of the Helmholtz Association (HGF) (POF IV, LK 01, 46.23.02) and supported by KASTEL Security Research Labs, Karlsruhe.</description>
    <description descriptionType="Other">Payload which discloses vendor information is replaced.</description>
  </descriptions>
  <fundingReferences>
    <fundingReference>
      <funderName>Karlsruhe Institute of Technology</funderName>
      <funderIdentifier funderIdentifierType="ROR" schemeURI="https://ror.org/">https://ror.org/04t3en479</funderIdentifier>
    </fundingReference>
  </fundingReferences>
  <sizes>
    <size>43,4 GB</size>
  </sizes>
  <formats>
    <format>application/x-tar</format>
  </formats>
</resource></metadata></record></GetRecord></OAI-PMH>